From 11090349f6f6e8f9adb45c361f4d840d831351fc Mon Sep 17 00:00:00 2001
From: Alexander Berger
Date: Tue, 13 Aug 2024 08:49:02 -0400
Subject: [PATCH] Updating API to use jacksonlaboratory auth0 client by default, and updating manifests to define the same.
---
 deploy/k8s/base/configmap.yaml | 2 +-
 .../k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml | 2 +-
 .../overlays/jax-cluster-prod-10--stage/configmap.yaml | 2 +-
 pyproject.toml | 2 +-
 src/geneweaver/api/controller/api.py | 5 ++++-
 src/geneweaver/api/core/config_class.py | 8 ++++----
 src/geneweaver/api/core/security.py | 4 +++-
 src/geneweaver/api/dependencies.py | 1 +
 tests/core/test_security.py | 6 +++---
 9 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/deploy/k8s/base/configmap.yaml b/deploy/k8s/base/configmap.yaml
index bef4100..c24848a 100644
--- a/deploy/k8s/base/configmap.yaml
+++ b/deploy/k8s/base/configmap.yaml
@@ -3,4 +3,4 @@ kind: ConfigMap
 metadata:
   name: geneweaver-config
 data:
-  AUTH_CLIENT_ID: "T7bj6wlmtVcAN2O6kzDRwPVFyIj4UQNs"
\ No newline at end of file
+  AUTH_CLIENT_ID: "aE6dpT04mGlvPeUXl4RYGSnCjvHEuawd"
\ No newline at end of file
diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml
index 0b9539a..0b3ef90 100644
--- a/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml
+++ b/deploy/k8s/overlays/jax-cluster-prod-10--prod/configmap.yaml
@@ -3,4 +3,4 @@ kind: ConfigMap
 metadata:
   name: geneweaver-config
 data:
-  AUTH_CLIENT_ID: "oVm9omUtLBpVyL7YfJA8gp3hHaHwyVt8"
\ No newline at end of file
+  AUTH_CLIENT_ID: "C0PrH88Pmjmba9ObVKaIRUITQeiA1Q4D"
\ No newline at end of file
diff --git a/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml b/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml
index 0b9539a..0b3ef90 100644
--- a/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml
+++ b/deploy/k8s/overlays/jax-cluster-prod-10--stage/configmap.yaml
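Review bot: The prod overlay's new AUTH_CLIENT_ID ("C0PrH88Pmjmba9ObVKaIRUITQeiA1Q4D") is the same value the stage overlay hunk sets (same index line too, 0b9539a..0b3ef90), so stage and prod now share one Auth0 application. With a shared client, the callback URLs, allowed origins and token settings of both environments live on a single Auth0 object, and a change made for stage takes effect on prod as well. If that is intended, a manifest comment such as `# same Auth0 client as the stage overlay; callback URLs for both envs are configured on it` would save the next reader a search; otherwise a separate client per environment keeps the two blast radii apart. The client ID itself is a public identifier, so committing it in a ConfigMap is fine.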
@@ -3,4 +3,4 @@ kind: ConfigMap
 metadata:
   name: geneweaver-config
 data:
-  AUTH_CLIENT_ID: "oVm9omUtLBpVyL7YfJA8gp3hHaHwyVt8"
\ No newline at end of file
+  AUTH_CLIENT_ID: "C0PrH88Pmjmba9ObVKaIRUITQeiA1Q4D"
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index ff2380b..9e3664e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "geneweaver-api"
-version = "0.8.0a3"
+version = "0.8.0a4"
 description = "The Geneweaver API"
 authors = [
     "Alexander Berger ",
diff --git a/src/geneweaver/api/controller/api.py b/src/geneweaver/api/controller/api.py
index e004e0d..71f96e5 100644
--- a/src/geneweaver/api/controller/api.py
+++ b/src/geneweaver/api/controller/api.py
@@ -24,7 +24,10 @@
     redoc_url=f"{settings.API_PREFIX}/redoc",
     openapi_url=f"{settings.API_PREFIX}/openapi.json",
     swagger_ui_oauth2_redirect_url=f"{settings.API_PREFIX}/docs/oauth2-redirect",
-    swagger_ui_init_oauth={"clientId": settings.AUTH_CLIENT_ID},
+    swagger_ui_init_oauth={
+        "clientId": settings.AUTH_CLIENT_ID,
+        "scopes": list(settings.AUTH_SCOPES.keys()),
+    },
     lifespan=deps.lifespan,
 )
diff --git a/src/geneweaver/api/core/config_class.py b/src/geneweaver/api/core/config_class.py
index 6763b40..89fc38c 100644
--- a/src/geneweaver/api/core/config_class.py
+++ b/src/geneweaver/api/core/config_class.py
@@ -35,15 +35,15 @@ def assemble_db_settings(self) -> Self:
         )
         return self
-    AUTH_DOMAIN: str = "geneweaver.auth0.com"
-    AUTH_AUDIENCE: str = "https://api.geneweaver.org"
+    AUTH_DOMAIN: str = "thejacksonlaboratory.auth0.com"
+    AUTH_AUDIENCE: str = "https://cube.jax.org"
     AUTH_ALGORITHMS: List[str] = ["RS256"]
-    AUTH_EMAIL_NAMESPACE: str = AUTH_AUDIENCE
+    AUTH_EMAIL_CLAIM: str = "email"
     AUTH_SCOPES: dict = {
         "openid profile email": "read",
     }
     JWT_PERMISSION_PREFIX: str = "approle"
-    AUTH_CLIENT_ID: str = "T7bj6wlmtVcAN2O6kzDRwPVFyIj4UQNs"
+    AUTH_CLIENT_ID: str = "aE6dpT04mGlvPeUXl4RYGSnCjvHEuawd"
     model_config = SettingsConfigDict(
         env_file=".env",
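Review bot: `"scopes": list(settings.AUTH_SCOPES.keys())` produces a one-element list whose single item is the space-separated string "openid profile email", because AUTH_SCOPES (config_class.py hunk) is keyed by the whole scope string rather than one key per scope. Swagger UI joins the array with spaces, so the authorization request still comes out right, but the shape is misleading; either split it, `"scopes": " ".join(settings.AUTH_SCOPES).split(),`, or add a comment saying the key is already a space-separated scope list. Since this dict configures a browser-side public client, it is also worth passing `"usePkceWithAuthorizationCodeGrant": True` so the docs login uses authorization code + PKCE; which grant Swagger UI actually runs also depends on the OpenAPI security scheme, which is outside this hunk. The FastAPI(...) call that holds this argument starts and ends outside the hunk.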
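Review bot: The new AUTH_AUDIENCE default "https://cube.jax.org" is the value the verifier checks tokens against, and its name reads like a different service's API identifier rather than this API's; if that audience is shared with another resource server, an access token minted for that server is also accepted here, so the audience should be unique to this API unless the sharing is deliberate. A comment on the line, `# API identifier registered in Auth0; must be unique to this API or tokens for the other API are accepted here`, would make the intent reviewable. AUTH_EMAIL_CLAIM is not used on its own: security.py joins it onto the audience as `f"{self.audience}/{self.email_claim}"`, so the effective claim name with these defaults is "https://cube.jax.org/email"; documenting that as `AUTH_EMAIL_CLAIM: str = "email"  # suffix of the namespaced claim "<AUTH_AUDIENCE>/<AUTH_EMAIL_CLAIM>" read by Auth0._process_email` keeps the two settings from drifting apart. Presumably the Auth0 action that injects the namespaced email claim has to emit the new name as well; that is outside the repository.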
diff --git a/src/geneweaver/api/core/security.py b/src/geneweaver/api/core/security.py
index 07aecd5..5be4162 100644
--- a/src/geneweaver/api/core/security.py
+++ b/src/geneweaver/api/core/security.py
@@ -69,6 +69,7 @@ def __init__(
         auto_error: bool = True,
         scope_auto_error: bool = True,
         email_auto_error: bool = False,
+        email_claim: str = "email",
         auth0user_model: Type[UserInternal] = UserInternal,
     ) -> None:
         """Initialize the Auth0 class."""
@@ -80,6 +81,7 @@ def __init__(
         self.auto_error = auto_error
         self.scope_auto_error = scope_auto_error
         self.email_auto_error = email_auto_error
+        self.email_claim = email_claim
         self.auth0_user_model = auth0user_model
@@ -277,7 +279,7 @@ def _add_auth_info(self, token: str, payload: dict) -> None:
         payload["auth_header"] = {"Authorization": f"Bearer {token}"}
     def _process_email(self, payload: dict) -> None:
-        payload["email"] = payload.pop(f"{self.audience}/claims/email")
+        payload["email"] = payload.pop(f"{self.audience}/{self.email_claim}")
         if payload["email"] is not None:
             payload["email"] = payload["email"].lower()
diff --git a/src/geneweaver/api/dependencies.py b/src/geneweaver/api/dependencies.py
index 07a8ff0..48bddbc 100644
--- a/src/geneweaver/api/dependencies.py
+++ b/src/geneweaver/api/dependencies.py
@@ -19,6 +19,7 @@
     domain=settings.AUTH_DOMAIN,
     api_audience=settings.AUTH_AUDIENCE,
     scopes=settings.AUTH_SCOPES,
+    email_claim=settings.AUTH_EMAIL_CLAIM,
     auto_error=False,
 )
diff --git a/tests/core/test_security.py b/tests/core/test_security.py
index 9e56914..bc600e5 100644
--- a/tests/core/test_security.py
+++ b/tests/core/test_security.py
@@ -60,7 +60,7 @@ def create_test_token(mock_requests, claims=None):
     # claims
     if claims is None:
         to_encode = {
-            f"{test_audience}/claims/email": test_email,
+            f"{test_audience}/email": test_email,
             "iss": f"https://{test_domain}/",
             "aud": test_audience,
             "name": test_name,
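Review bot: The new `email_claim` parameter is added to `__init__` but the docstring still reads only "Initialize the Auth0 class.", so a caller cannot tell that the value is a suffix rather than a full claim name. Extend the docstring with a parameter entry along the lines of `:param email_claim: suffix of the namespaced custom claim that carries the user's email; the claim read from the token is "<api_audience>/<email_claim>"`, in whatever parameter style the rest of the class uses. The `__init__` signature and body both start and end outside these two hunks.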
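Review bot: In `_process_email`, `payload.pop(f"{self.audience}/{self.email_claim}")` still has no default, so a token that lacks the namespaced claim entirely raises KeyError, while the `is not None` check on the next line only covers a claim that is present with a null value (the test_security.py hunk test_missing_claim_email_error_claim exercises exactly the null case). Unless a caller of `_process_email` catches KeyError — the rest of the class is outside this hunk — a token from a client that does not run the claim-injecting action turns into an unhandled server error instead of the email_auto_error path. Changing the line to `payload["email"] = payload.pop(f"{self.audience}/{self.email_claim}", None)` folds the absent case into the existing None handling; confirm that the email_auto_error logic downstream treats None as "missing" before relying on it.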
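Review bot: The test fixtures hard-code the suffix "/email" in `f"{test_audience}/email"` here and again in the two hunks at test_invalid_claim and test_missing_claim_email_error_claim, duplicating the default that now lives in config_class.py and security.py. If AUTH_EMAIL_CLAIM or the `email_claim` default changes, these tokens silently stop matching what the verifier reads; building the key from the same value, e.g. a module-level `test_email_claim = "email"` used as `f"{test_audience}/{test_email_claim}"` and passed to the Auth0 instance under test, keeps the fixture and the code under test in step. How the Auth0 instance is constructed in these tests is outside the hunks.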
@@ -247,7 +247,7 @@ async def test_invalid_claim(
     mock_jwt_unverified_header.return_value = private_key
     to_encode = {
-        f"{test_audience}/claims/email": test_email,
+        f"{test_audience}/email": test_email,
         "name": test_name,
         "scope": "openid profile email",
     }
@@ -277,7 +277,7 @@ async def test_missing_claim_email_error_claim(
     mock_jwt_unverified_header.return_value = private_key
     to_encode = {
-        f"{test_audience}/claims/email": None,
+        f"{test_audience}/email": None,
         "iss": f"https://{test_domain}/",
         "aud": test_audience,
         "name": test_name,